Antivirus log analysis using EventLog Analyzer
Almost every organization uses antivirus software to strengthen its endpoint security. With a tool that consolidates and correlates information from antivirus tools with all other network information, security administrators gain more context and actionable insights that help them tackle attacks and threats.
Detecting threats by analyzing antivirus logs
EventLog Analyzer's custom log parser can analyze log data from various antivirus software vendors, such as McAfee, ESET, Symantec, Microsoft, and Kaspersky. It can also correlate antivirus logs with logs from other sources—such as firewalls, servers, databases, and workstations—to preempt security attacks.
In addition to the important log fields that are automatically parsed and extracted by the custom log parser, EventLog Analyzer also provides users the option to extract their own fields, which they can use to set up criteria for alert profiles or create custom correlation rules.
- Correlation of antivirus log data: EventLog Analyzer can correlate log data from antivirus solutions with the rest of the network's log data—such as logs from servers, databases, firewalls, and routers—to spot attacks at an early stage. The solution comes with predefined correlation rules and also empowers users with the ability to create custom rules.
- Real-time alerts for threats: EventLog Analyzer can notify administrators in real time over email and SMS when it detects threats or critical security incidents while analyzing the antivirus log data.
- Security audit reports for antivirus logs: EventLog Analyzer also lets users build reports that show who performed what activities, where, and when. Users can schedule report generation for a specified time, distribute reports over email, or export reports in PDF and HTML formats.
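As an added illustration of the field extraction and cross-source correlation described above (example code written for this page, not EventLog Analyzer's parser or rule engine), the following Python extracts key=value fields from constructed antivirus and firewall log lines and raises an alert when a host with a malware detection opens an outbound connection shortly afterwards. The line formats, host names, addresses and the 10-minute window are all assumptions.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines; they do not follow any real vendor's format.
AV_LOGS = [
    "2024-03-04 10:15:02 host=WS-017 user=jdoe event=ThreatDetected threat=Trojan.Generic action=Quarantined",
    "2024-03-04 10:16:40 host=WS-022 user=asmith event=ScanCompleted threats=0",
    "2024-03-04 10:17:10 host=WS-031 user=bkim event=ThreatDetected threat=PUA.Downloader action=CleanFailed",
]
FW_LOGS = [
    "2024-03-04 10:15:30 src=WS-017 dst=203.0.113.7 dport=443 action=allow",
    "2024-03-04 10:40:00 src=WS-031 dst=198.51.100.9 dport=8080 action=allow",
    "2024-03-04 10:18:05 src=WS-022 dst=192.0.2.44 dport=80 action=allow",
]

KV_RE = re.compile(r"(\w+)=(\S+)")
TS_FMT = "%Y-%m-%d %H:%M:%S"


def parse_line(line):
    """Extract the leading timestamp plus every key=value field into a dict."""
    fields = dict(KV_RE.findall(line[20:]))
    fields["ts"] = datetime.strptime(line[:19], TS_FMT)
    return fields


def correlate(av_lines, fw_lines, window=timedelta(minutes=10)):
    """Alert when a host with an AV detection makes an outbound connection within the window.

    A connection after a detection (especially one the AV could not clean) is worth
    an analyst's attention; a connection 20 minutes later falls outside the window.
    """
    detections = [f for f in map(parse_line, av_lines) if f.get("event") == "ThreatDetected"]
    connections = [parse_line(l) for l in fw_lines]
    alerts = []
    for d in detections:
        for c in connections:
            if c["src"] == d["host"] and d["ts"] <= c["ts"] <= d["ts"] + window:
                alerts.append({"host": d["host"], "threat": d["threat"],
                               "av_action": d["action"], "dst": c["dst"]})
    return alerts


if __name__ == "__main__":
    for alert in correlate(AV_LOGS, FW_LOGS):
        print("ALERT:", alert)
```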
Antivirus software supported by EventLog Analyzer
- Microsoft Antimalware
- Norton Antivirus
- Sophos Antivirus